Art Unit: 2132

DETAILED ACTION

1. This office action is in reply to an amendment filed on April 02, 2007.
Claims 1-18 are amended and claim 20 has been canceled. Thus claims 1-19
are pending/examined.

Response to Arguments

2. Applicant's remarks/arguments filed on April 02, 2007 have been fully
considered but they are not persuasive.

Regarding the 35 U.S.C. §101 rejection given to claim 19, Applicant argued and
wrote the following in support of the argument.

'The Examiner has rejected claim 19 under 35 U.S.C. §101 as being directed to 
non-statutory subject matter. The rejection is respectfully traversed. MPEP 2106.01 
states, "In contrast, a claimed computer-readable medium encoded with a data structure 
defines structural and functional interrelationships between the data structure and the 
computer software and hardware components which permit the data structure's 
functionality to be realized, and is thus statutory." Claim 19 recites, "the computer 
program product being embodied in a computer-readable medium and comprising 
computer instructions for..." and it is believed that claim 19 is directed towards statutory 
subject matter.'

Examiner agreed with the applicant's argument; however, the reason why the 35
U.S.C. §101 rejection was given is that the limitation recited in the claims does
not produce a tangible result, and not the reason argued by the applicant.

Even though the limitation of the respective independent claim 19 is directed to
a technological art, environment or machine which would result in a practical
application producing a concrete and useful result, it does not produce a tangible
result to form the basis of statutory subject matter under 35 U.S.C. 101.

For instance, if the last limitation in the claim is only generating an
encryption/decryption key or comparing two results, without transmitting, displaying
or storing or performing some concrete result, by which the result is precisely identified
or realized and perceived, the claim language is not generally considered to be
producing a tangible result.

By the same token, the last limitation recited in the respective independent
claim 19, "opening the covert service channel on the target host to allow a connection
with the remote host", is not producing a tangible result unless the final
limitation of the claim is somehow transmitting, storing or displaying some
concrete result. In other words, the final limitation in the claim language has to be
something which is capable of being precisely identified or realized and
perceived.

Regarding the rejection given to the respective independent claims 1,
11, 16-19, applicant traversed the rejection and wrote the following in support of the
argument.

"As amended, claim 1 recites "remotely activating a covert service channel" and 
"opening the covert service channel " Support for the amendment can be found, 
without limitation, at page 6 line 11. Conventional authentication techniques 
"provide an opportunity for an unauthenticated client or attacker to access a client" 
because they allow an attacker to "know[] that a service or set of services is
exposed and can be attacked. Many attackers begin by probing or scanning for 
systems and services." (Application, page 1 line 15 to page 2 line 9.) In contrast, a 
covert service channel is one "effectively hidden from random port scanners." 
(Application, page 16 lines 4 to 19.) Dalgic and Tonnby describe conventional 
authentication techniques and do not disclose "remotely activating a covert service 
channel" as recited in amended claim 1. Claim 1 is therefore believed to be 
allowable."

Examiner disagrees with the above argument.

Examiner would point out that neither page 1 line 15 to page 2 line 9, nor page
16, lines 4 to 19, recites "covert service channel" as argued by applicant.
On page 16, lines 20-22, of applicant's disclosure the following has been
disclosed, which could be interpreted as a channel which is "effectively hidden
from random port scanners":

"If trigger 210 is not authenticated, then the port that trigger 210 was received 
on remains closed (408). If trigger 210 is authenticated, the port and passively 
wait for a connection request from authenticated remote client 206 (410)." 

However, unlike applicant's above argument about the "covert service
channel", based on the definition provided on the web and on the Patent
application Patent No. 5,574,912, date of patent Nov 12, 1996, by Hu et al, on
column 3, lines 19-25, a "covert channel" in a computer system is a
communication channel that allows one or more processes operating in a
computer system (e.g., one or more programs) to transfer information in a
manner that violates the system's security policy, e.g., to transfer
information to unauthorized users.

Therefore the introduction of this term, "covert service channel", does not
change the scope of the claim. Applicant, however, could incorporate what is
cited on page 16, lines 20-22, to explicitly indicate how the channel protects itself
from attackers probing or scanning the systems or services, or how the
channel is "effectively hidden from random port scanners." In other words, since
the actual conventional meaning/definition of "covert service channel" differs
from what is taught to be incorporated in the independent claims, further
amendment is required.

Furthermore, according to the above definition, the art/s on the record
disclose each and every limitation recited in the respective independent claims.
For instance, regarding the respective independent claims 1, 11, 16-19, Dalgic
discloses a method for remotely activating a covert service channel
comprising:

• Using a transport mechanism to send a trigger from a remote client
to a host; [Column 7, lines 6-8] (wherein said hub/switch is for detecting a
connection to a portable computer system and for performing authentication in
response thereto);

• Receiving the trigger; [Column 7, lines 9-11] (wherein said cradle is for
receiving user authentication data from said portable computer system and
transmitting said user authentication data to said server);

• Authenticating the trigger; and opening the covert service channel
to allow a connection with the remote host. [Column 7, lines 12-20]
(wherein said server is for opening a port on said hub/switch allowing said
ethernet phone to communicate voice data over said LAN and also allowing said
cradle access to said LAN provided said authentication is successful and
otherwise for causing said hub/switch to block said ethernet phone and said
cradle from accessing said LAN and said server for closing said port in response
to detecting operational variations that are unfamiliar to said LAN.)

Thus, it has been found that the present amendment does not
basically change the scope of the independent claims and is something which is
already disclosed by the references. Therefore the rejection is maintained until
applicant further amends at least the independent claims and successfully
overcomes the ground of rejection set forth in the office action.

Claim Rejections - 35 USC §101

3. 35 U.S.C. 101 reads as follows:

Whoever invents or discovers any new and useful process, machine, manufacture, or 
composition of matter, or any new and useful improvement thereof, may obtain a patent 
therefor, subject to the conditions and requirements of this title. 

4. Claim 19 is rejected under 35 U.S.C. 101 because the subject matter is
directed to non-statutory subject matter.

5. Claim 19 is directed to a computer program product for remotely activating
a covert service channel. Though the computer program product is being embodied in
the computer readable medium, the examiner asserts that the last limitation of the
above claim, in particular "opening the covert service channel on the target host to
allow a connection with the remote host", is not producing a tangible result to form
the basis of statutory subject matter under 35 U.S.C. 101. See MPEP § 2106 IV. B.
1(a). Therefore the claim is a program per se and does not fall within the statutory
classes listed in 35 USC 101.

Even though the limitation of the respective independent claim 19 is directed to 
a technological art, environment or machine which would result in a practical 
application producing a concrete and useful result, it does not produce a tangible 
result to form the basis of statutory subject matter under 35 U.S.C. 101. 

For instance, if the last limitation in the claim is only generating an
encryption/decryption key or comparing two results, without transmitting, displaying
or storing or performing some concrete result, by which the result is precisely identified
or realized and perceived, the claim language is not generally considered to be
producing a tangible result.

By the same token, the last limitation recited in the respective independent
claim 19, "opening the covert service channel on the target host to allow a connection
with the remote host", is not producing a tangible result unless the final
limitation of the claim is somehow transmitting, storing or displaying some
concrete result. In other words, the final limitation in the claim language has to be
something which is capable of being precisely identified or realized and
perceived.

Claim Rejections - 35 USC §102 

6. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under 
section 122(b), by another filed in the United States before the invention by the 
applicant for patent or (2) a patent granted on an application for patent by another filed 
in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the 
effects for purposes of this subsection of an application filed in the United States only if 
the international application designated the United States and was published under 
Article 21(2) of such treaty in the English language. 

7. Claims 1, 11, 16-19 are rejected under 35 U.S.C. 102(e) as being anticipated by
Dalgic et al (hereinafter referred to as Dalgic) (U.S. Patent No. 7,024,478) (Filed on
August 14, 2000)

8. As per independent claims 1, 11, 16-19, Dalgic discloses a method for
remotely activating a covert service channel comprising:

• Using a transport mechanism to send a trigger from a remote client
to a host; [Column 7, lines 6-8] (wherein said hub/switch is for detecting a connection
to a portable computer system and for performing authentication in response thereto);

• Receiving the trigger; [Column 7, lines 9-11] (wherein said cradle is for
receiving user authentication data from said portable computer system and transmitting
said user authentication data to said server);

• Authenticating the trigger; and opening the covert service channel
to allow a connection with the remote host. [Column 7, lines 12-20] (wherein said
server is for opening a port on said hub/switch allowing said ethernet phone to
communicate voice data over said LAN and also allowing said cradle access to said LAN
provided said authentication is successful and otherwise for causing said
hub/switch to block said ethernet phone and said cradle from accessing said LAN and
said server for closing said port in response to detecting operational variations that are
unfamiliar to said LAN.)

Claim Rejections - 35 USC §103 

9. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically 
disclosed or described as set forth in section 102 of this title, if the differences between 
the subject matter sought to be patented and the prior art are such that the subject 
matter as a whole would have been obvious at the time the invention was made to a 
person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

10. Claims 2-10 and 12-15 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Dalgic et al (hereinafter referred to as Dalgic) (U.S. Patent No.
7,024,478) (Filed on August 14, 2000) in view of Tarquini et al (hereinafter referred to as
Tarquini) (U.S. Publication No. 2003/0101353) (Filed on October 31, 2001)

11. As per dependent claims 2-10 and 12-15, Dalgic discloses a method for
remotely activating a covert service channel comprising:

• Using a transport mechanism to send a trigger from a remote client
to a host; [Column 7, lines 6-8] (wherein said hub/switch is for detecting a connection
to a portable computer system and for performing authentication in response thereto);

• Receiving the trigger; [Column 7, lines 9-11] (wherein said cradle is for
receiving user authentication data from said portable computer system and transmitting
said user authentication data to said server);

• Authenticating the trigger; and opening the covert service channel
to allow a connection with the remote host. [Column 7, lines 12-20] (wherein said
server is for opening a port on said hub/switch allowing said ethernet phone to
communicate voice data over said LAN and also allowing said cradle access to said LAN
provided said authentication is successful and otherwise for causing said
hub/switch to block said ethernet phone and said cradle from accessing said LAN and
said server for closing said port in response to detecting operational variations that are
unfamiliar to said LAN.)

Dalgic does not explicitly disclose the method of remotely activating the covert
service channel wherein using a transport mechanism to send a trigger further includes
using a protocol to format the transport mechanism.

Furthermore Dalgic does not disclose remotely activating a service channel 
as recited wherein opening the covert service channel on the host further 
includes sending a reply to the remote client. 

However, in the same field of endeavor, Tarquini discloses the feature of
remotely activating the covert service channel wherein using a transport mechanism to
send a trigger further includes using a protocol to format the transport
mechanism. [See the feature of NMAP, paragraph 0043-0046]

Furthermore, Tarquini discloses the feature of remotely activating a
covert service channel as recited wherein opening the service channel on the
host further includes sending a reply to the remote client, and the rest of the
features recited in the dependent claims. [See the feature of NMAP, paragraph
0043-0046]

It would have been obvious to one having ordinary skill in the art, at the 
time the invention was made, to combine the basic feature of Nmap as per 
teachings of Tarquini, into the method taught by Dalgic in order to detect
intrusion at a node. [See abstract, Tarquini] 

12. Claims 1, 11, 16-19 are also rejected under 35 U.S.C. 102(e) as being
anticipated by Tonnby et al (hereinafter referred to as Tonnby) (U.S. Publication No.
2005/0163131 A1) (Filed on 01/7/2003)

13. As per independent claims 1, 11, 16-19, Tonnby discloses a method for
remotely activating a covert service channel comprising:

• Using a transport mechanism to send a trigger from a remote client
to a host; Receiving the trigger; Authenticating the trigger; and opening the
covert service channel to allow a connection with the remote host. [Paragraph
0119] (For the handler of mobile service agents to determine if the user is allowed to
attach at a new user port various methods can be used to ensure the authenticity of the
roaming device. For wired scenarios, where a user disconnects the Ethernet wire and
reconnects it at another port it may suffice that it is checked that the device MAC address
is no longer connected to the previous user port. However in general, and in particular
when using WLAN access methods a more secure method is needed. To achieve this, an
authentication procedure, such as described in [4] is triggered by the handler of
mobile service bindings, and only upon successful authentication the penult is
informed to open the user port for the mobile service binding.)

14. Claims 2-10 and 12-15 are also rejected under 35 U.S.C. 103(a) as being
unpatentable over Tonnby et al (hereinafter referred to as Tonnby) (U.S. Publication No.
2005/0163131 A1) (Filed on 01/7/2003) in view of Tarquini et al (hereinafter referred to
as Tarquini) (U.S. Publication No. 2003/0101353) (Filed on October 31, 2001)

15. As per dependent claims 2-10 and 12-15, Tonnby discloses a method for
remotely activating a covert service channel comprising:

• Using a transport mechanism to send a trigger from a remote client 
to a host; Receiving the trigger; Authenticating the trigger; and opening the 
covert service channel to allow a connection with the remote host. [Paragraph 
0119] (For the handler of mobile service agents to determine if the user is allowed to
attach at a new user port various methods can be used to ensure the authenticity of the 
roaming device. For wired scenarios, where a user disconnects the Ethernet wire and 
reconnects it at another port it may suffice that it is checked that the device MAC address 
is no longer connected to the previous user port. However in general, and in particular 
when using WLAN access methods a more secure method is needed. To achieve this, an 
authentication procedure, such as described in [4] is triggered by the handler of 
mobile service bindings, and only upon successful authentication the penult is 
informed to open the user port for the mobile service binding.) 

Tonnby does not explicitly disclose the method of remotely activating the covert
service channel wherein using a transport mechanism to send a trigger further includes
using a protocol to format the transport mechanism.

Furthermore Tonnby does not disclose remotely activating a covert service
channel as recited wherein opening the service channel on the host further
includes sending a reply to the remote client.

However, in the same field of endeavor, Tarquini discloses all the
features of remotely activating the covert service channel wherein using a transport
mechanism to send a trigger further includes using a protocol to format the
transport mechanism. [See the feature of NMAP, paragraph 0043-0046]

Furthermore, Tarquini discloses the feature of remotely activating a covert
service channel as recited wherein opening the covert service channel on the
host further includes sending a reply to the remote client, and the rest of the
features recited in the dependent claims. [See the feature of NMAP, paragraph
0043-0046]

It would have been obvious to one having ordinary skill in the art, at the 
time the invention was made, to combine the basic feature of Nmap as per 
teachings of Tarquini, into the method taught by Tonnby in order to detect 
intrusion at a node. [See abstract, Tarquini] 

Conclusion 

16. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time
policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed 
within TWO MONTHS of the mailing date of this final action and the advisory 
action is not mailed until after the end of the THREE-MONTH shortened 
statutory period, then the shortened statutory period will expire on the date the 
advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) 
will be calculated from the mailing date of the advisory action. In no event,
however, will the statutory period for reply expire later than SIX MONTHS from
the mailing date of this final action.

Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Samson B Lemma whose telephone number is
571-272-3806. The examiner can normally be reached on Monday-Friday (8:00 am -
4:30 pm).

If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, BARRON JR GILBERTO can be reached on 571-272-3799. The fax 
phone number for the organization where this application or proceeding is 
assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private 
PAIR only. For more information about the PAIR system, see
http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

SAMSON LEMMA 



06/14/2007
SUPERVISORY PATENT EXAMINER